
Security + Cloud: What studios and vendors need to consider when adopting cloud solutions. - Ted Harrington ISE: ETC Cloud QTR


Published in: Technology


  1. ISE Proprietary. SECURITY + CLOUD. Ted Harrington, Executive Partner | ted.harrington@securityevaluators.com
  2. Why is this important?
  4. ISE Confidential - not for distribution. THREAT MODELING
  6. “If you don’t know where you’re going, any road will take you there”
  8. EXTERNAL ADVERSARIES
  10. CASUAL HACKER
  11. HACKTIVIST
  12. CORPORATE ESPIONAGE
  13. ORGANIZED CRIME
  14. NATION STATE
  15. INTERNAL ADVERSARIES
  16. Internal Adversaries
  17. Internal Adversaries: ACCIDENTAL
  18. Internal Adversaries: OPPORTUNISTIC
  19. Internal Adversaries: DETERMINED
  20. SECURITY + CLOUD
  21. Security + Cloud
  22. Security + Cloud: Platform must be hardened
  23. Security + Cloud: Configuration is CRITICAL!
  24. Security + Cloud: “But I don’t own the equipment!”
  25. Security + Cloud: “But I don’t own the equipment!” Bad if: cloud platform < on-prem. Good if: cloud platform > on-prem.
  26. Cautionary Tale
  27. !
  28. SECURE DESIGN PRINCIPLES
  29. Least Privilege
  30. Privilege Separation
  31. Defense in Depth
  32. Trust Reluctance
  33. Open Design
  34. Economy of Mechanism
  35. Complete Mediation
  36. Psychological Acceptability
  37. Fail Secure
  38. Secure the Weakest Link
  39. Reduce Asset Handling
  40. Build Security In
  41. Ongoing Reassessment
  42. ANTI-PRINCIPLES
  43. Compliance
  44. Complexity
  45. Obscurity
  46. Security Through Legality
  47. Deferral of Risk
  48. SECURITY ASSESSMENT: The Wrong Way
  49. Security Assessment Fail
  50. SECURITY ASSESSMENT: The Right Way
  51. Security Assessment Win
  52. KEY TAKEAWAYS
  53. Key Takeaways
      • Configuration is critical!
      • Cloud could be more secure, could be less secure
      • Assessment methodology matters
  54. How Can ISE Help?
      • Security assessment
          – Application
          – Infrastructure
          – Supply Chain
          – Vendor
      • Design guidance
      • Training
      • Embed
  55. Questions? Ted.Harrington@securityevaluators.com
